Nuxt/test/basic.ssr.csp.test.js
2018-03-19 03:11:14 +03:30

117 lines
3.3 KiB
JavaScript

import rp from 'request-promise-native'
import { Nuxt } from '..'
import { loadFixture, getPort } from './utils'
let port
const url = route => 'http://localhost:' + port + route
const startCSPTestServer = async (csp) => {
const options = loadFixture('basic', { render: { csp } })
const nuxt = new Nuxt(options)
port = await getPort()
await nuxt.listen(port, '0.0.0.0')
return nuxt
}
describe('basic ssr csp', () => {
test(
'Not contain Content-Security-Policy header, when csp.enabled is not set',
async () => {
const nuxt = await startCSPTestServer({})
const { headers } = await rp(url('/stateless'), {
resolveWithFullResponse: true
})
expect(headers['content-security-policy']).toBe(undefined)
await nuxt.close()
}
)
test(
'Contain Content-Security-Policy header, when csp.enabled is only set',
async () => {
const cspOption = {
enabled: true
}
const nuxt = await startCSPTestServer(cspOption)
const { headers } = await rp(url('/stateless'), {
resolveWithFullResponse: true
})
expect(headers['content-security-policy']).toMatch(/^script-src 'self' 'sha256-.*'$/)
await nuxt.close()
}
)
test(
'Contain Content-Security-Policy header, when csp.allowedSources set',
async () => {
const cspOption = {
enabled: true,
allowedSources: ['https://example.com', 'https://example.io']
}
const nuxt = await startCSPTestServer(cspOption)
const { headers } = await rp(url('/stateless'), {
resolveWithFullResponse: true
})
expect(headers['content-security-policy']).toMatch(/^script-src 'self' 'sha256-.*'/)
expect(headers['content-security-policy'].includes('https://example.com')).toBe(true)
expect(headers['content-security-policy'].includes('https://example.io')).toBe(true)
await nuxt.close()
}
)
test(
'Contain Content-Security-Policy header, when csp.policies set',
async () => {
const cspOption = {
enabled: true,
policies: {
'default-src': [`'none'`],
'script-src': ['https://example.com', 'https://example.io']
}
}
const nuxt = await startCSPTestServer(cspOption)
const { headers } = await rp(url('/stateless'), {
resolveWithFullResponse: true
})
expect(headers['content-security-policy']).toMatch(/default-src 'none'/)
expect(headers['content-security-policy']).toMatch(/script-src 'self' 'sha256-.*'/)
expect(headers['content-security-policy'].includes('https://example.com')).toBe(true)
expect(headers['content-security-policy'].includes('https://example.io')).toBe(true)
await nuxt.close()
}
)
test(
'Contain Content-Security-Policy header, when csp.policies.script-src is not set',
async () => {
const cspOption = {
enabled: true,
policies: {
'default-src': [`'none'`]
}
}
const nuxt = await startCSPTestServer(cspOption)
const { headers } = await rp(url('/stateless'), {
resolveWithFullResponse: true
})
expect(headers['content-security-policy']).toMatch(/default-src 'none'/)
expect(headers['content-security-policy']).toMatch(/script-src 'self' 'sha256-.*'/)
await nuxt.close()
}
)
})